-
I had made an environment of openldap and wrote a note below, is it useful? @nobodyiam So far, I think this test case could verify the bug fixing in issue #5051?
-
Environment deployment
Accessible via https://localhost:6443
Configuration file

```yaml
spring:
  ldap:
    base: "dc=example,dc=org"
    username: "cn=admin,dc=example,dc=org" # administrator account, used to search for and match users
    password: "admin"
    searchFilter: "(uid={0})" # user filter, used to search for the user at login
    urls:
    - "ldap://localhost:389"
ldap:
  mapping: # ldap attribute mapping
    objectClass: "inetOrgPerson" # objectClass of ldap users
    loginId: "uid" # unique id of the ldap user, used as the login id
    rdnKey: "uid" # ldap rdn key, optional; required if group search is enabled
    userDisplayName: "cn" # ldap user name, used as the display name
    email: "mail" # ldap email attribute
  group: # enables group search, optional; when enabled only users in the specified group can log in to apollo
    objectClass: "posixGroup" # group class name
    groupBase: "ou=apollo" # group search base
    groupSearch: "(&(cn=dev))" # group filter
    groupMembership: "memberUid" # group membership attribute, e.g. member or memberUid
```

```ldif
# LDIF Export for dc=example,dc=org
# Server: ldap-host (ldap-host)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 7
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on December 20, 2023 6:25 pm
# Version: 1.2.5
version: 1

# Entry 1: dc=example,dc=org
dn: dc=example,dc=org
dc: example
o: Example Inc.
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 2: ou=apollo,dc=example,dc=org
dn: ou=apollo,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: apollo

# Entry 3: cn=dev,ou=apollo,dc=example,dc=org
dn: cn=dev,ou=apollo,dc=example,dc=org
cn: dev
gidnumber: 502
memberuid: apollo
memberuid: luke
objectclass: posixGroup
objectclass: top

# Entry 4: uid=apollo,cn=dev,ou=apollo,dc=example,dc=org
dn: uid=apollo,cn=dev,ou=apollo,dc=example,dc=org
cn: apollo
objectclass: inetOrgPerson
objectclass: top
sn: config
uid: apollo
userpassword: admin

# Entry 5: uid=luke,cn=dev,ou=apollo,dc=example,dc=org
dn: uid=luke,cn=dev,ou=apollo,dc=example,dc=org
cn: luke
objectclass: inetOrgPerson
objectclass: top
sn: wei
uid: luke
userpassword: luke

# Entry 6: cn=hr,ou=apollo,dc=example,dc=org
dn: cn=hr,ou=apollo,dc=example,dc=org
cn: hr
gidnumber: 500
objectclass: posixGroup
objectclass: top

# Entry 7: uid=rock,cn=hr,ou=apollo,dc=example,dc=org
dn: uid=rock,cn=hr,ou=apollo,dc=example,dc=org
cn: rock
objectclass: inetOrgPerson
objectclass: top
sn: white
uid: rock
userpassword: rock
```

As shown in the figure, under the organizational unit apollo there are two posix groups, dev and hr. In the configuration file we configure the group filter so that only users in the dev group can log in to the portal management UI. rock is in the hr group, so he cannot.

Simple test case
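The group restriction described in the comment above, as an added Python sketch that is not part of the original post and is not Apollo's code. It assumes the check reduces to "the login uid appears in the membership attribute of a group matched under groupBase", treats `(&(cn=dev))` as a plain cn match, and uses a constructed subset of the LDIF export; the names `parse_ldif` and `may_log_in` are hypothetical.

```python
# Simplified model of the configured group check (assumption, not Apollo code).
LDIF = """\
dn: cn=dev,ou=apollo,dc=example,dc=org
cn: dev
memberuid: apollo
memberuid: luke
objectclass: posixGroup

dn: cn=hr,ou=apollo,dc=example,dc=org
cn: hr
objectclass: posixGroup

dn: uid=rock,cn=hr,ou=apollo,dc=example,dc=org
objectclass: inetOrgPerson
uid: rock
"""

BASE = "dc=example,dc=org"   # spring.ldap.base
GROUP_BASE = "ou=apollo"     # ldap.group.groupBase
GROUP_CLASS = "posixGroup"   # ldap.group.objectClass
GROUP_CN = "dev"             # taken from groupSearch "(&(cn=dev))"
MEMBERSHIP = "memberUid"     # ldap.group.groupMembership

def parse_ldif(text):
    """Parse unfolded 'attr: value' LDIF; attribute names are lower-cased."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry.get("dn"):
            entries.append(entry)
    return entries

def may_log_in(uid, entries):
    """True if uid is listed in the membership attribute of a matching group."""
    suffix = ("," + GROUP_BASE + "," + BASE).lower()
    for e in entries:
        in_scope = e["dn"][0].lower().endswith(suffix)
        is_group = GROUP_CLASS.lower() in (v.lower() for v in e.get("objectclass", []))
        if in_scope and is_group and GROUP_CN in e.get("cn", []):
            # memberUid vs memberuid: LDAP attribute names are case-insensitive
            if uid in e.get(MEMBERSHIP.lower(), []):
                return True
    return False
```

With this model, `luke` and `apollo` pass because the dev group lists them in `memberuid`, while `rock` is rejected even though his entry sits under `ou=apollo`.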
-
Wow, that's really helpful!
-
I don't know if the simple test case I made does meet the requirements?
Your valuable opinions are needed!!!